Ask HN: What do you use for encrypting your personal stuff?

78 points by yangikan ↗ HN
I used to use Truecrypt (file based virtual encrypted disk). But it shut down under mysterious circumstances. Now there is veracrypt based on the same source code, but I am not sure I trust it. Are there better alternatives? What does everyone use?

86 comments

[ 2.6 ms ] story [ 151 ms ] thread
VeraCrypt.

The VeraCrypt FAQ addresses your concern: https://www.veracrypt.fr/en/FAQ.html

Direct link to audit: https://blog.quarkslab.com/security-assessment-of-veracrypt-...

Yes. Very crypt as adhoc encrypted folders I then move them around and versions them with git ( the version is not incremental, I just know if it’s the same hash .. )
Are you running git outside of the encrypted container? Or are you running it inside (versioning decrypted files)?

If you are doing the former, I used to use git-annex[1] for a similar purpose and liked it to keep track of where the encrypted versions of files are stored.

[1]: https://git-annex.branchable.com/

Outside, I’m versioning blob or encrypted data. I’m doing that for my password ( using the awesome “pass” cli ) And some pdf with PPI. Picture are backup non encrypted so It’s around 100mo since years. Checking… Less; 78mo.

But git annex look nifty! The use case is large file? Correct ?

The general digital forensic community switched to VeraCrypt for encryption evidence in transit via common carrier. So I agree on this.
LUKS is the de facto disk encryption in Linux. For file system encryption, use fscrypt and ZFS native encryption. For backups, use restic or Borg. For encrypted synchronization, use cryptomator, gocryptfs or rclone. File encryption is rarely needed anymore, but GPG works fine for that.

Depends what you want to encrypt.

rclone mount seems like a good option to mount encrypted files. Thank you.
Same... I'm on Linux so LUKS for all my SSDs. Then good old GPG for a few individual files / archives.
LUKS on linux works great. Restic can encrypt your backups before they go into whatever cloud will store it the cheapest.
Cryptomator for cloud-based storage, as it allows my to encrypt each files inside the vilolume separately, which makes it much more bandwidth friendly to desktop synchronization software.
Does this work on Windows/Linux?
Yes cryptomator works on Linux, Windows, Mac, iOS and Android.

It also has some cool features like photo auto upload on mobile.

One thing it specifically lacks though it's FreeBSD support which leaves a huge gap in my personal workflow but it's unlikely to bother all but a handful of people in the world :)

Is there a recent-is review of the crypto it uses?

I used to use Boxcryptor so I could have file-by-file encryption and sync directories full of encrypted files to various cloud storage services, but there was a know vulnerability with the way the crypto worked, were updates/changes to previously encrypted files could leak important info (I don't recall if it was cleartext or key hints?). It also had the problem of not encrypting directory names, so an attacker could see that you had a directory named "Plans For Super Secret Volcano Submarine Base" or "Darkweb purchase receipts".

TrueCrypt still works and doesn't have any known vulnerabilities afaik. For low-risk files I also sometimes use WinRAR, which according to the docs should have ok encryption (AES-256). Curious for other suggestions too.
> TrueCrypt still works and doesn't have any known vulnerabilities afaik.

I second this comment. Plus TrueCrypt has passed a serious source code audit. I'm not aware of any on-the-fly encryption system that has had the scrutiny of TrueCrypt. The main issue to be aware of is making certain you download the valid v7.1a source code or binaries. There are plenty of old trustworthy sites that have published the hashes of the source code tarballs or Windows binaries that you should check.

TrueCrypt works for me without any issue on current Linux systems, but I haven't tested it on recent Windows and macOS.

Generally zfs native encryption these days (as well as native encryption in macos and windows).
For encrypting files, I use AEScrypt[1]. Cross platform, simple to use, and easy to audit.

[1]: https://www.aescrypt.com/

I probably wouldn't. It looks pretty old, uses a fucky bespoke KDF for passwords (I'm looking at the 3.16 source code), has file metadata that doesn't appear to be authenticated, and does a weird dance of including the PID and time in the IVs for what looks like CBC mode?

You could build something more secure using the hello-world code for Go's Seal/Unseal crypto/ libraries, or Rust's Ring crate.

I likewise chose aescrypt as a tool that I could get my parents to install that would end up in their context shortcut menu. They wheedled out of doing so and I've kept using it via inertia.

I encrypt (business related) ssh keys in our company's keepass database file.

Bit rot. If my backups aren’t redundant and I don’t care to access something for long enough, it eventually becomes inaccessible to others.

Full-disk encryption from your OS vendor (FileVault, LUKS, whatever windows does) will accelerate this process.

Can you elaborate? Why would FDE or inactivity accelerate bit rot?
I can take a stab without really knowing for sure, I would guess that flipping a bit of the ciphertext would have much greater consequences than flipping a bit of the plaintext.
I could also argue it makes bitrot more detectable though.
It greatly raises the magnitude of consequences of not maintaining data access. Whole swathes vanish at a stroke, be it a flipped bit or a key forgotten or lost due to disuse.
zipcrypto...jk

I would always be hesitant to disclose what type of crypto you are using, unless I guess you have nothing important. I think veracrypt, 7zip, openssl are good. Probably anything that has been recently audited. Just make sure you are offline when decrypting or encrypting or else it may defeat the purpose.

Encrypted sparse bundle disk images on macOS if I want something individually encrypted. Built-in full disk encryption too. No extra software needed.

On Linux, there's LUKS as mentioned already.

Oh, I forgot the default disk encryption in Windows: ransomware. (jk, I'm sure there's something)
Bitlocker is on by default in windows 10 & 11: https://support.microsoft.com/en-us/windows/device-encryptio...
"by default" is a bit of a stretch because from the link it says "BitLocker encryption is available on supported devices running Windows 10 or 11 Pro, Enterprise, or Education."

So it's only on by default if you shelled dough out for one of those

Device encryption on Windows Home has a different brand name ("Windows Device Encryption") and works a bit differently, but AFAICT it's also on by default if you log in with a Microsoft or AAD account. Can't find any specific documentation on that, though.
It’s also randomly on via errant windows updates, apparently.
I had it decrypt my drive then turned it off. Linux couldn't see my stuff when I dual booted.
It sounds like you're running Windows?

On Windows I just use the built-in Bitlocker encryption.

It is a bit annoying understanding what this means between Windows Home and Pro editions though.

On Home, it's not technically 'Bitlocker' - it's Device Encryption - hit Windows key & type 'device encryption' - if you see 'Device Encryption Settings', you should have it available. If you do not, it's probably not available on your device e.g. maybe you don't have a TPM, although I've had Windows machines that showed it as not available but then I was able to get it running with a bit of messing around and registry hacking.

It is still Bitlocker under the hood, but it's missing some features. You can get some of them by logging into your machine with a Microsoft account, but if you're running a local account (like I am) you get a more budget experience (e.g. I don't think there's an easy way to get the Bitlocker encryption key or have it backed up online).

If you only want to run local accounts, the easier and probably safer solution is to shell out for Windows Pro and take advantage of the full Bitlocker experience.

(comment deleted)
rvault for small documents: https://github.com/rmind/rvault

It uses envelope encryption with one-time password (OTP) authentication. I like to store data on the systems I own and just run backups regularly.

For small one-off encryption use cases (i.e. encrypt a single file) I use age: https://github.com/filosottile/age

Especially convenient when you need to transmit the file over some untrusted medium like email, or if you just want to dump it in some cloud storage service and not worry about potential snooping.

I'm not convinced that whole-disk encryption is sensible for most threat models, but I use the built-in FileVault on macOS (under the reasoning that, at the very least, it can't really hurt).

On Linux, I use age[1] (specifically, rage[2]) to encrypt sensitive files. I wrote a secret manager that uses the latter as an encryption backend[3], and I use `rage-mount` to mount (read-only) views of encrypted archives.

[1]: https://github.com/FiloSottile/age

[2]: https://github.com/str4d/rage

[3]: https://github.com/woodruffw/kbs2

For what it's worth: the threat model for whole-disk encryption is "I turned my laptop off, shut it, and then managed to leave it in the back of a taxi". That's pretty much the only scenario it's helping you in. It's a way of making sure that a lost laptop isn't a company-wide security incident.
Mine hibernate after some period (2h I think) with the lid closed, and require disk decryption on wake from that. Not a correction exactly, just to say it's a bit better than merely only 'I turned it off', at least if you use hibernation.
Or if you travel on airplanes. I have twice had my laptop taken in the backroom by security where I am pretty sure they copied my hard drive.
Can you tell us more about the circumstances? Do you mean airport security screening or do you means customs and immigration? Why were picked? Did they ask for your login / BIOS / disk encryption passwords? For how long were they away with your laptop? What did you do afterward (like wipe the disk in case they installed a surveillance tool)?
Answered in above response. They took it long enough to make a copy. These were random searches. I have flown around the planet way too many times.
Complete speculation... but they're security grunts, not digital forensic experts.

At best, they probably just plug it into a black box and that box searches what it can for certain file hashes or names. Encrypted disk and it's game over.

Unless they're specifically looking for your data in particular - then all bets are off.

Not sure what they'd do with most modern laptops that have soldered drives though.

Happy to be corrected.

I believe they often ask for your passwords at the border too. I read that some borders also ask for your social media accounts, not sure if they want passwords for those too.

Would be interesting to set up a honeypot of sorts that records everything they do when they login to your device. Could even activate the camera and mic recording.

It seems unbelievable that it's accepted that they can walk away with your device and login as you and then do whatever they want.

I've seen on border patrol shows the guards going through messages on the phone looking for evidence of an intent to take paid work, etc. But it looks like a pretty surface-level manual search, at least the part they show on TV.

Surely somebody on here has had experience in this from the other side?

>where I am pretty sure they copied my hard drive

What evidence do you have, leaving aside speculation or conjecture? Can you state it any higher than it was possible they copied your hard drive? Is this a routine occurrence where you live?

> What evidence

Well I am pretty sure the personnel liked GP’s laptop colour and just wanted to admire it in privacy. Or maybe lick it as well; and possibly passing around among themselves so that more could lick it.

Was it routine, or you fall under some “profiled” demographic?

You didn’t mention the country, should I assume US of A? Or it happens elsewhere as well?

Ever been forced to open the laptop or phone as well?

This happened to me at airports in Israel and Germany. I am a US citizen and was not in any category of suspicion. This happens with US airport security too. I was dumb back then and did not encrypt my drive. They did ask me to boot up the laptop first probably to ensure it wasn't encrypted. If this ever happens to me again, I will refuse to decrypt the drive.
You might end up locked up or otherwise inconvenienced. You have less rights than you might think in situations like that. Leave the laptop at home or wipe it before you leave. Same with phones. They can't take what isn't there.
Resistance is fertile. I will demand they call the embassy if they push it. I travel for work and need functional devices.
They'll just refuse you entry. Why would they care about your work?
How long did they have your laptop? Hard drives on laptops these days are frequently 500GB or 1TB, and copying 1TB of data from one of these is not a quick operation at all.
I have trouble finding another threat model which matters as an individual. Why do you encrypt your files if not to protect you from accidentally losing your things?

Communication is pretty much always automatically covered nowadays.

proper FDE (inc. swap) on linux turns hibernation into a cryptographic lock.
VeraCrypt and Bitlocker have already been mentioned, so in case they don't cover your use case, take a look at Cryptomator.

You can have an encrypted folder, put it on Google Drive and then decrypt it from any of your devices. Even iOS will support it natively once you do the setup with the Cryptomator app.

If the encryption is good, shouldn't it be fine to say that you use it? E.g. I need to share my public PGP key, but it does not make me particularly vulnerable, does it?
OpSec (Operational Security) is a huge part of the game. If you want to reduce attack surface you probably want to give adversaries as little to go off of as possible.
I remain unconvinced.

Just look at TLS. Anybody who can sniff a TLS connection can tell exactly what encryption is being used, yet we consider TLS to be quite secure other than potential concerns with PKI.

That said, I'd be slightly surprised if there wasn't metadata on the drive that could be used to determine which brand of disk encryption is in use, but it'd still be worthless. If the knowledge that I'm using X to encrypt my drive actually leads to them decrypting my drive, then X was terrible and never should have been used to begin with.

Explain exactly what attack vector not posting what encryption software you use is supposed to protect against?

* If you are attacked by an adversary with access to your hardware they can tell what encryption you are using.

* If you are attacked by an adversary without access to your hardware then knowing what you use doesn't given them any advantage.

On the other hand, telling people they shouldn't provide recommendations for encryption software is just the kind of thing an adversary might do...

The folks who are using hidden volumes and going full paranoid aren't the ones responding here. Most methods are fairly obvious.

My backup hard drive has the Veracrypt installer and a file that ends in .hc. I wonder what setup I'm using? If I went a degree more obtuse and just had a 200GB file consisting of a header and a bunch of cryptographically random data, it wouldn't take the NSA to understand what was going on.

The same applies to Bitlocker/LUKS.

My encryption setup isn't designed to stop state-level actors. It's designed to stop anyone who has access to one of my backups or who steals one of my machines. Bitlocker (with the key backed up to the cloud) and Veracrypt (for offline backups) fit those needs purposely. If a government agent asked me for the key to decrypt my backup drive I would surrender it without a fuss.

Not really, proper encryption is usually opensource, peer audited for decades, and inspected by several global government agencies.

Math is funny this way, as it is an all or nothing algorithm... where it is either fully secure or broken beyond repair (sometimes intentionally).

A better question, is who do you trust?

I'm sorry your day is this boring, but please don't chaff up threads with stuff like this just to spice things up for yourself. It's an extremely straightforward question; if you don't have an answer, you don't need to comment.
(comment deleted)
I gave up. Old PCs used to die and I could just take the disk and put into a new box and copy what I could. I encrypted a disk and ended up losing everything on there (except photos which were backed up). I realized I really dont have anyhthing worth stealing. I keep tax returns on a usb stick, with a paper copy backed up.
I like Gocryptfs. Easy to see and reason about that it is working.
I use a custom implementation of rot13 I implemented in Rust
Everything is better with rust.
LUKS for my main drive. VeraCrypt for everything else.
On Linux: LUKS. On FreeBSD: GELI. On Mac: FileVault. On windows I guess I would use bitlocker though I rarely need it there.

So basically I use the default encryption. When I need to move stuff from one computer to another I encrypt the files individually with GPG (using openPGP keys on smartcard or yubikey)

All the default options. BitLocker on Windows, FileVault 2 on macOS and LUKS on Linux.